Password Hashing on the Client Side

Password security is the most important concern in web development. Most web applications developed nowadays secure the user's password by hashing it on the server side before storing it in the database. But the password can still be exposed on the client side if it is not handled properly.

Let's take the Laravel framework as an example. Laravel can be installed by following the installation guide on its official page.
After installing Laravel, we can get its default authentication using the following command:

php artisan make:auth

This command creates login and registration views along with the routes needed for user authentication.

At this point, our application is ready for user registration and login.

Once a user registers and logs in to the application, we see that the password is exposed in the Network panel of Chrome DevTools or Firebug.

Laravel provides Bcrypt hashing for storing the user's password on the server side. To make the user's password more secure, we can hash it on the client side before sending it to the server. Different algorithms can be used for password hashing, but here let's use the SHA-256 algorithm. To see the output of SHA-256 password hashing please check this url.

To implement password hashing we need to add the sha256 js file to the project, which can be downloaded from here. After adding this file to the project, we need to hash the password on the client side before the user registers or logs in to the application. This client-side password hashing is essential if the project is related to financial transactions.
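
The hashing step described above, as an added example that is not code from the original post or from Laravel. It assumes the form fields are named password and password_confirmation as in the default auth views, and it uses the browser's built-in Web Crypto API in place of the sha256 js file; sha256Hex, hashCredentials and attachHashing are hypothetical helper names.

```javascript
// Added example: field names are assumed to match the default Laravel auth forms.
const PASSWORD_FIELDS = ["password", "password_confirmation"];

// Web Crypto is exposed by browsers on HTTPS (secure-context) pages.
// The require() branch is only reached when running under an older Node.js.
const subtle = globalThis.crypto?.subtle ?? require("node:crypto").webcrypto.subtle;

// Return the SHA-256 digest of a string as 64 lowercase hex characters.
async function sha256Hex(text) {
  const bytes = new TextEncoder().encode(text);
  const digest = await subtle.digest("SHA-256", bytes);
  return Array.from(new Uint8Array(digest), (b) => b.toString(16).padStart(2, "0")).join("");
}

// Return a copy of the form values with each password field replaced by its digest.
// Hashing both fields the same way keeps a "confirmed" validation rule working.
async function hashCredentials(fields) {
  const out = { ...fields };
  for (const name of PASSWORD_FIELDS) {
    if (typeof out[name] === "string" && out[name] !== "") {
      out[name] = await sha256Hex(out[name]);
    }
  }
  return out;
}

// Browser wiring: swap the digests into the inputs just before the form is sent.
function attachHashing(form) {
  form.addEventListener("submit", async (event) => {
    event.preventDefault();
    const values = {};
    for (const name of PASSWORD_FIELDS) {
      if (form.elements[name]) values[name] = form.elements[name].value;
    }
    const hashed = await hashCredentials(values);
    for (const name of Object.keys(hashed)) form.elements[name].value = hashed[name];
    form.submit(); // submit() does not fire the submit event again
  });
}

if (typeof document !== "undefined") {
  for (const form of document.forms) {
    if (form.elements.password) attachHashing(form);
  }
}
```

The server now receives the digest as the password, so it is the digest that Laravel's Bcrypt hashing stores and compares, and registration and login must both hash the same way. Because the digest is what authenticates the user, the request still needs to travel over HTTPS.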